[Forgot Password]
Login  Register Subscribe

24547

 
 

132763

 
 

126291

 
 

909

 
 

105100

 
 

152

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2018-0414Date: (C)2018-10-08   (M)2019-01-09


A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 5.7CVSS Score : 3.5
Exploit Score: 2.1Exploit Score: 6.8
Impact Score: 3.6Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: MEDIUM
Privileges Required: LOWAuthentication: SINGLE_INSTANCE
User Interaction: REQUIREDConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: HIGHAvailability: NONE
Integrity: NONE 
Availability: NONE 
  
Reference:
SECTRACK-1041688
BID-105289
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-acsxxe

CPE    7
cpe:/a:cisco:secure_access_control_server_solution_engine:5.4.0.46.6
cpe:/a:cisco:secure_access_control_server_solution_engine:3.3.1
cpe:/a:cisco:secure_access_control_server_solution_engine:5.5.0.36
cpe:/a:cisco:secure_access_control_server_solution_engine:3.3.2
...
CWE    1
CWE-611
XCCDF    1
CWE-611

© SecPod Technologies